Policy Compliance - User Level Checks

Anyone know if Policy Compliance can actually interrogate every profile (whether mounted in the registry or not) on a server/workstation for user level requirements? For example, CID 9302 - "Status of "Enable screen saver" configuration for Windows users" is set at the user level, in each user's profile in the registry. If the user isn't logged on, the registry key isn't mounted. How would Qualys overcome this to fully inspect all profiles that exist on the system? Without checking all profiles, I would not "pass" this check.

I'm not sure I agree. HKU is where all the "currently" loaded users live. HKCU is just that, your own user. If a user isn't currently logged on, they will have a profile in the file system and a corresponding .dat file. But they will NOT show up in HKU unless they are actually logged into the system.

Take Citrix as the example. If 100 people have logged on at one point or another, they have a profile directory in the file system. If only 10 out of those 100 are actually logged in and have apps running, only those 10 will show in HKU. Whoever launches regedit to view the registry will be the one listed in HKCU.

So my question goes back to checking the users that are not actively logged on. Since their profile is not loaded in HKU, how can you check them? I can do it manually by loading all their profiles, but that is not realistic.

I have our engineering team looking into this and will get back to you once they have fully analyzed. In some cases, we are looking at settings in other locations - but it depends on what the requirements are for the related CIS benchmarks and other best practices that we based the control on.

Engineering has reviewed and I was misinformed on the functionality as you pointed out. Please send me an email and we can get on a call to discuss some improvements that we could make to this and related controls. In your email, if you know who your TAM is, include them as well so they can help track any feature requests we may come up with.
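
The manual approach raised in the thread (loading each logged-off user's hive) can be scripted. The following is an added example, not part of the original thread and not Qualys code: it walks every local profile, reads the setting from HKU when the hive is mounted, and otherwise temporarily loads that profile's NTUSER.DAT. It assumes the "Enable screen saver" policy is stored as `ScreenSaveActive` under the policy key shown; the `Audit_` mount name is arbitrary.

```powershell
#Requires -RunAsAdministrator
# Added example: audit one per-user policy value across every local profile,
# including users who are not logged on (hive not mounted under HKU).
# Assumption: the policy value is ScreenSaveActive under the key below.
$SubKey      = 'Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$ValueName   = 'ScreenSaveActive'
$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-UserPolicyValue([string]$HiveRoot) {
    # Returns the value data, or $null when the key or value is absent.
    $key = "Registry::HKEY_USERS\$HiveRoot\$SubKey"
    (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
}

$results = foreach ($p in Get-ChildItem $ProfileList) {
    $sid = $p.PSChildName
    if ($sid -notmatch '^S-1-5-21-') { continue }      # skip system/service accounts
    $path = (Get-ItemProperty $p.PSPath).ProfileImagePath
    $hive = Join-Path $path 'NTUSER.DAT'
    $row  = [ordered]@{ SID = $sid; Profile = $path; Source = $null; Value = $null }

    if (Test-Path "Registry::HKEY_USERS\$sid") {
        # User is logged on: hive is already mounted under HKU\<SID>.
        $row.Source = 'loaded'
        $row.Value  = Get-UserPolicyValue $sid
    } elseif (Test-Path -LiteralPath $hive) {
        # User is logged off: mount the hive under a temporary name, read, unmount.
        $mount = "Audit_$sid"
        & reg.exe load "HKU\$mount" $hive 2>$null | Out-Null
        if ($LASTEXITCODE -eq 0) {
            $row.Source = 'offline hive'
            $row.Value  = Get-UserPolicyValue $mount
            [gc]::Collect()                            # drop open handles so unload succeeds
            & reg.exe unload "HKU\$mount" | Out-Null
        } else { $row.Source = 'load failed' }
    } else { $row.Source = 'no NTUSER.DAT' }

    $row.Compliant = ($row.Value -eq '1')              # '1' = screen saver enabled
    [pscustomobject]$row
}
$results | Format-Table -AutoSize
```

A logged-off user's hive reflects the policy as of that user's last logon, so a value missing there may simply mean the GPO has not yet been applied to that profile.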